Author: Miguel Guhlin / Source: TechNotes Blog – TCEA
Are you a school district using OneLogin? A data breach affecting all U.S. customers means the keys to your digital kingdom have been taken.
Do you use a single-sign-on (SSO) solution to get your students and staff logged into multiple systems? If so, you will want to read this blog entry. On Wednesday, May 31, 2017, OneLogin notified its 12 million customers (BBC, 2013) that their SSO solution had been breached:
OneLogin, a company that provides customers with a single sign on for logging into multiple sites and apps, appears to have compromised customer data, including the ability to decrypt encrypted files. The company notified customers via email Wednesday that the incident stemmed from unauthorized access to one of its U.S. data centers. (Source: Threatpost)
“The service says all of its data centers in the US have been hacked, with customer data ‘potentially compromised.’” (Source: C-NET)
Before we explore the implications of the breach, let’s revisit why SSO solutions are so important.
SSO Makes Learning Possible
Only the smallest school districts can manually maintain usernames and passwords for all students and staff using online teaching and learning systems. Each system requires staff and students to maintain a unique login and password. For everyone tasked with memorizing and tracking these login credentials, that takes a Herculean effort.
SSO simplifies keeping track of forty or more usernames and passwords for digital textbooks, online systems, and more. Popular SSO solutions include Classlink, Encore*, Identity Automation, Lenovo/Stoneware, OneLogin, and Tools4Ever. Solution providers deliver services such as Single Sign-On (SSO), Self Service Password Reset, and User Provisioning/De-Provisioning. Other services include IT Productivity, Applicant/Parent Self-Registration, Cloud Security, Multi-Factor Authentication, and more. These are essential services. A data breach of your school district’s SSO solution can mean the exposure of sensitive data for students and staff.
*Please note the statement Encore makes at the end of this blog entry about their recommendations. Statements from other SSO solution providers are being sought.
OneLogin Breach Opens the Door, Again
OneLogin is an established solution, and its breach opens the door to 5,000+ valued services (e.g., Blackboard, Moodle, Google, Office365) for the affected school districts. Here are some relevant quotes:
“…the company gave more details about the breach, and revealed that all customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data.…That’s kind of a big deal.” (Source: Solutions Review)
“Gartner Inc. financial fraud analyst Avivah Litan said she has long discouraged companies from using cloud-based single sign-on services, arguing that they (cloud-based SSO providers) are…